Security Operations Center: Building, Operating, and Maintaining your SOC by Joseph Muniz & Gary McIntyre & Nadhem AlFardan


Author: Joseph Muniz & Gary McIntyre & Nadhem AlFardan
Language: eng
Format: epub
Publisher: Pearson Education
Published: 2015-11-01T20:00:00+00:00


The Upper and Lower Bounds of Technology

Beyond the impact of process, another unforeseen challenge for the SOC team comes from the technologies that underpin SOC services. For example, security information and event management (SIEM) technologies tend to be limited in ways that affect the perceived effectiveness of the SOC. On the lower bound, the SIEM may not see certain events from key systems at all, or may be unable to provide a long-term view into such data. On the upper bound, the SIEM may simply fail to alert the team to real security incidents because it either misinterprets event data or has been configured to ignore some events in favor of others. The SIEM might also lack sufficient information about the assets and the environment it monitors to distinguish serious attacks from noise. In some organizations, the SOC has little control over the technologies it relies on and even less ability to influence their improvement. Not having the right tools is frustrating for the SOC team and can lead to a failure for which the team will nonetheless be held responsible.
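The two bounds described above can be checked continuously rather than discovered after a missed incident. The following is an added example, not code from the book or its authors: a small coverage report run over constructed sample SIEM events that flags key log sources that have gone silent (lower bound), counts how many events a suppression rule is dropping, and ranks alerts by asset criticality while calling out hosts missing from the inventory (upper bound). The event records, expected-source list, suppression rule and asset inventory are all assumed for illustration.

```python
from collections import Counter

# Constructed sample of normalized SIEM events; nothing from "vpn-gw" is present on purpose.
EVENTS = [
    {"source": "dc01-winlog", "host": "dc01", "type": "alert", "msg": "logon failure burst"},
    {"source": "fw-edge", "host": "fw-edge", "type": "deny", "msg": "blocked 10.0.0.5 -> 203.0.113.9:445"},
    {"source": "fw-edge", "host": "fw-edge", "type": "deny", "msg": "blocked 10.0.0.7 -> 203.0.113.9:445"},
    {"source": "edr", "host": "ws-17", "type": "alert", "msg": "suspicious child process"},
    {"source": "edr", "host": "srv-99", "type": "alert", "msg": "credential access attempt"},
]
# Assumed list of key systems the SOC expects to hear from.
EXPECTED_SOURCES = {"dc01-winlog", "fw-edge", "vpn-gw"}
# Assumed suppression rule: the SIEM was configured to ignore firewall denies.
SUPPRESSED = {("fw-edge", "deny")}
# Assumed asset inventory; srv-99 is deliberately missing from it.
ASSETS = {"dc01": "critical", "fw-edge": "high", "ws-17": "low"}


def silent_sources(events, expected):
    """Lower bound: key systems the SIEM has seen no events from."""
    return sorted(expected - {e["source"] for e in events})


def suppressed_volume(events, rules):
    """Upper bound: how many events each ignore rule is silently dropping."""
    counts = Counter((e["source"], e["type"]) for e in events)
    return {rule: counts[rule] for rule in rules if counts[rule]}


def triage(events, assets):
    """Upper bound: rank alerts by asset criticality; hosts absent from inventory rank last."""
    order = {"critical": 0, "high": 1, "low": 2, "unknown": 3}
    ranked = [(e["host"], assets.get(e["host"], "unknown"), e["msg"])
              for e in events if e["type"] == "alert"]
    return sorted(ranked, key=lambda r: order[r[1]])


def coverage_report(events=EVENTS, expected=EXPECTED_SOURCES, rules=SUPPRESSED, assets=ASSETS):
    """Combine the three checks into one report a SOC could review each shift."""
    alerts = triage(events, assets)
    return {
        "silent_sources": silent_sources(events, expected),
        "suppressed": suppressed_volume(events, rules),
        "alerts": alerts,
        "unknown_assets": sorted({host for host, crit, _ in alerts if crit == "unknown"}),
    }


if __name__ == "__main__":
    for key, value in coverage_report().items():
        print(key, value)
```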


